Maybe someone is rich and just wants to mess with the network. It seems unwise to make ourselves vulnerable to that sort of thing merely because we wouldn't take advantage of it ourselves.
I think that is something to think about in byzantine threat models. Could a big and hostile player, greatly outsizing bitcoin in terms of money to burn, destabilize via financial exchange manipulation, or mining out the coins with vastly more CPU power, buying and deleting coins, etc.? It seems often that some big players prefer covert, plausibly deniable or hard-to-prove action than something overt. Or alternatively they could find or make a legal excuse to cut exchanges off from the banking interface.
Even competitors like banks themselves if the bitcoins started to eat into profit margins maybe they could drive out the currency by buying all the liquid parts. (Bad currency drives out good?)
Adam
Oh, like I said, such an attacker can do a stupidhuge number of devastating non-cryptographic attacks.
Here's another one:
Assume attacker can waste up to 500 mil. USD (I assume that is the ballpark "pocket change" figure for someone who can afford developing ASICs just to "mess with the coin guys")
Attacker creates a highly anonymous offshore structure, in this case I would probably suggest a trust (it's hard, but possible, to set up an offshore in a manner that is literally impossible to trace back to the real mastermind of the affair)
Attacker arranges for about $50 mil moved there.
Attacker locates, across numerous anonymous fora, a programmer that is both highly competent and unethical (not like there ain't places on the net where such folks hang out)
Attacker hires him to enter BTC dev circles, contribute, gain team trust, and eventually sneak a remote code execution vulnerability (disguised as an honest coding mistake, of course) into main. Attacker pays the blackhat a very lucrative salary via the offshore structure.
The attack would be completely devastating, and, in case the exploit is discovered prior to relevant code being accepted into main, the blackhat has plausible deniability (not like anyone can claim to never have made a dangerous coding mistake)
Fighting "Rich Mad" is not fun

Surely that's just a question of mining in much smaller parts, so that rewards are measured in the Satoshis range instead of 25 whole coins. I think the harder but probably solvable problem if it was desired would be p2p traffic efficiency. I do think poolproof would be useful.
Well, the problem with "mini-mining" is variance, also known as "luck" [..] Miners want their payoff to come in stable and predictable intervals
That's because the minimum network accepted virtual "nugget gold weight" is too high for the end user miner. If the rate of average production for a speck of virtual gold dust was 1 second on a GPU (for some picosatoshi) the rate of progress would be smooooth, so it's not the randomness per se, it's the size of the minimum mining target. It'll be acceptably smooth even at 1 microcoin per hour for 500MH miner at a given difficulty.
The problem and reason for big 25 coin blocks I think is p2p network scalability.
You can therefore think of pools like supernodes in a p2p network. They hand "shares"-sized chunks of work out, effectively the microcoin challenge, and smooth it out for you, and like supernodes in p2p networks in general, they help the network scalability. There is healthy competition amongst pools, and the barrier to entry is low.
In an idealized crypto currency you could argue it would be desirable to be able to mine picocoins directly without pools. poolproof as you called it. But I think for now the people working on the code are having enough fun scaling for transaction volume etc with the current parameters absent some interesting new crypto to say allow secure offline combinable and splittable proofs of work.
Adam
Yes, a mining algo that would allow me to mine low-diff mini-reward blocks alongside "big" miners mining for bigger rewards without causing a security compromise would be a huge boon (with current PoW, that won't work, at least not straightforwardly)
It would make the poolsafe concept viable (currently, you can make pools un-workable, but you need mini-reward scheme to make it lucrative)
Well my idea is this aim to get to 50:50 hashcash scrypt [or pool of algorithms]
I can't imagine the majority of miners (who are already sitting on ASICs) would accept this kind of fork.
I am anti-fork as bad for mindshare, confidence and dilutive of bitcoin and crypto currency value aggregate.
Awwww man

Seriously though, with all due respect (and with admittance of my conflict of interest here) - alt-coins (or rather, truly innovative alt-coins as opposed to one-two tweak clones) are useful.
They prevent monoculture.
If anything, we need more altcoins pursuing different niches (I feel that there are market niches which BTC, contrary to popular belief, fills imperfectly, allowing for an alt to take that niche without affecting mainstream btc adoption - but that's a long and boring story)
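An added example, not written by any poster in this thread, that quantifies the variance point argued above: for a fixed earning rate, income smoothness depends only on the size of the minimum reward unit. It uses the thread's figures of 1 microcoin per hour and 25-coin blocks; the one-week payout window and the Poisson arrival model are assumptions.

```python
import math
import random

EARN_RATE = 1e-6      # coins per hour (thread's figure for a 500MH miner)
BLOCK_REWARD = 25.0   # coins per block (thread's figure)
WEEK = 168.0          # hours; the payout window is an assumption


def payout_stats(earn_rate, reward, window_hours):
    """Model rewards as a Poisson process.

    Returns (expected rewards in window, relative std-dev of income,
    probability of earning nothing in the window).
    """
    lam = earn_rate * window_hours / reward
    return lam, 1.0 / math.sqrt(lam), math.exp(-lam)


def largest_smooth_reward(earn_rate, window_hours, max_rel_stddev):
    """Largest reward unit that keeps income within max_rel_stddev."""
    needed = 1.0 / max_rel_stddev ** 2   # CV = 1/sqrt(lam)  =>  lam = 1/CV^2
    return earn_rate * window_hours / needed


def simulate_income(earn_rate, reward, window_hours, trials, seed=1):
    """Monte Carlo check: count rewards per window from exponential gaps."""
    rng = random.Random(seed)
    rate = earn_rate / reward            # rewards per hour
    incomes = []
    for _ in range(trials):
        t, n = rng.expovariate(rate), 0
        while t <= window_hours:
            n += 1
            t += rng.expovariate(rate)
        incomes.append(n * reward)
    return incomes


if __name__ == "__main__":
    for unit in (BLOCK_REWARD, 1e-6, 1e-9):
        lam, cv, p0 = payout_stats(EARN_RATE, unit, WEEK)
        print(f"unit={unit:g} coins  rewards/week={lam:.3g}  "
              f"rel.stddev={cv:.3g}  P(nothing)={p0:.6f}")
    print("unit for 10% weekly spread:",
          largest_smooth_reward(EARN_RATE, WEEK, 0.10))
```

Expected income is identical in every row; only the spread changes, which is the smoothing a pool's shares provide at the cost of trusting the pool operator.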